CN108449346A - A kind of key generation client - Google Patents

A kind of key generation client Download PDF

Info

Publication number
CN108449346A
CN108449346A CN201810241948.4A CN201810241948A CN108449346A CN 108449346 A CN108449346 A CN 108449346A CN 201810241948 A CN201810241948 A CN 201810241948A CN 108449346 A CN108449346 A CN 108449346A
Authority
CN
China
Prior art keywords
key
module
request
server
connection request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810241948.4A
Other languages
Chinese (zh)
Other versions
CN108449346B (en
Inventor
田健生
杨秩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Believable Huatai Technology Co Ltd
Original Assignee
Beijing Believable Huatai Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Believable Huatai Technology Co Ltd filed Critical Beijing Believable Huatai Technology Co Ltd
Priority to CN201810241948.4A priority Critical patent/CN108449346B/en
Publication of CN108449346A publication Critical patent/CN108449346A/en
Application granted granted Critical
Publication of CN108449346B publication Critical patent/CN108449346B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of keys to generate client, including connection request module, responder module, key request module and cipher key calculation module, wherein:The connection request module, which is used to generate client to another key, sends connection request;The responder module is due to after receiving connection request, sending response message;The key request module is used for server requests key;The message computation key that the cipher key calculation module is used to be returned according to server.

Description

A kind of key generation client
【Technical field】
Field is generated the invention belongs to key more particularly to a kind of key generates client.
【Background technology】
Key is a kind of parameter, it is to be converted to ciphertext in plain text or converting ciphertext into the ginseng inputted in the algorithm of plaintext Number.Key is divided into symmetric key and unsymmetrical key.In modern computer, in order to ensure safety, key pair is usually used The information of user is encrypted, this just needs to generate key.It is how safe, credible, be quickly generated key, be modern computer In an important topic.
【Invention content】
In order to solve the above problem in the prior art, the present invention provides a kind of keys to generate client.
The technical solution adopted by the present invention is specific as follows:
A kind of key generation client, including connection request module, responder module, key request module and cipher key calculation mould Block, wherein:
The connection request module, which is used to generate client to another key, sends connection request;
The responder module is due to after receiving connection request, sending response message;
The key request module is used for server requests key;
The message computation key that the cipher key calculation module is used to be returned according to server.
Further, it further includes communication module that the key, which generates client, for server and other clients into Row communication.
Further, the connection request includes random connection code and request code.
Further, the response message is for informing that other side has received connection request.
Further, the key generates client and is registered in advance in server.
Beneficial effects of the present invention are:In the case where not reducing safety, compared with the prior art, method of the invention is more Add simple and reliable, reduce the complexity of realization, low, the equipment that can be applied to different computing capabilitys is required to computing capability.
【Description of the drawings】
Attached drawing described herein is to be used to provide further understanding of the present invention, and is constituted part of this application, but It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is the tripartite involved by key generation process of the present invention;
Fig. 2 is the building-block of logic that key of the present invention generates client.
【Specific implementation mode】
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and says It is bright to be only used for explaining the present invention but not as a limitation of the invention.
The key of the present invention generates client when using, and is segmented into two sides in logic:Key request side and key connect Debit.Under the assistance of server, key is generated between key request side and key generation side.
The key request side and recipient are the both sides for needing that communication is encrypted on network.The key request side is A side of the coded communication is initiated, and initiates the generating process of key by the key request side.The key reception method It is the key generation process for receiving a side of coded communication, and the key request side being coordinated to initiate.The key generates client End includes connection request module, responder module, key request module and cipher key calculation module.In addition, the key generates client End further includes communication module, for being communicated with server and other clients.
The server is a neutral trusted third party, is used to be that each side for generating key is needed to carry out in advance Registration, and a secret information generated at random is provided respectively for each side.For example, A is registered to the server, server After being authenticated to the identity of A, a secret information Secret is generated at random, it is preferred that in order to ensure enough safety, Secret is no less than 1024 binary numbers.The secret information is supplied to A, is preserved respectively by A and server.
Based on above-mentioned trigonal crystal structure, the process for generating key to the present invention below is described in detail:
(1) key request side initiates the connection request by connection request module to key reception side, takes in a connection request With a connection code LA and request code ID;The connection code LA and request code ID is one generated at random by request module Number.
For security consideration, the digit of the connection code should long enough, it is preferred that connection code secret should be believed with above-mentioned It is the same to cease Secret, no less than 1024.
(2) key reception side is generated a connection code LB by responder module, then replied at random after receiving connection request Module sends a response message to key request side.
As connection code LA, the digit of connection code LB should also be as long enough, under preferable case, the digit phase of LB and LA Together.But LB is not included in response message, which only informs that key request side, key reception side have received Request, and be ready to generate key.
(3) after receiving response message, the key request module of key request side sends one to server for key request side A secret key request message KeyRequestA, the KeyRequestA include connecting code LA, request code ID and Hash result HA, Wherein HA=Hash (SecretA ⊕ LA) }.
Key reception side sends another secret key request message to server simultaneously also by the key request module of itself KeyRequestB, the KeyRequestB include request code ID, LC and Hash result HB.
Wherein LC=LA ⊕ LB, HB=Hash (SecretB ⊕ LA ⊕ LB).
Wherein, SecretA is the secret information that key request side is obtained in server registration, and SecretB is that key connects The secret information that debit obtains in server registration.Hash is a hash function, can be used any one in this field Hash algorithm well known to kind.
All include the number that its own is generated at random in the Hash calculation of key request side and key reception side, in this way may be used To avoid specified Hash result is obtained by go-between, safety ensure that.
(4) server is primarily based on request code ID and determines that the two are close after receiving above-mentioned two secret key request message Key request message is to come from a pair of secret keys requesting party and recipient;Then respectively to the Hash result in two secret key request messages It is verified, if there are one verifications not to pass through, server ignores the two secret key request messages, and method terminates;If tested Card all passes through, then continues subsequent step.
Specifically verification process is:
For KeyRequestA, server voluntarily calculates Hash (SecretA ⊕ LA) (since server saves in advance SerectA, so server can calculate the Hash), judge whether result of calculation is equal with HA, if unequal, verifies Do not pass through, is otherwise verified.
For KeyRequestB, server voluntarily calculates Hash (SecretB ⊕ LA ⊕ LB), judges result of calculation and HB It is whether equal, if unequal, verify and do not pass through, is otherwise verified.
(5) server generates a key Key at random, calculates separately KA and KB, i.e.,:
KA=Key ⊕ SecretA, KB=Key ⊕ SecretB
Then KA is sent to key request side by server, and KB is sent to key reception side.
(6) after key request side receives KA, Key, i.e. Key=KA ⊕ SecretA are calculated by its cipher key calculation module;
After key reception side receives KB, Key=KB ⊕ SecretB are calculated also by its cipher key calculation module.
So far, key request side and key reception side all respectively obtain common key Key, close so as to be based on this The operations such as communication are encrypted in key.
From above procedure as can be seen that an entire key generation process pertains only to exclusive or calculating, calculating process is simple, therefore It is very low to the computing capability requirement of key request side and key reception side, therefore even if this two side is that computer capacity is lower Equipment can also complete key generation process.Also, key generation process each time all relies on the connection of both sides' generation Code, and believable server is needed to verify between two parties, after server has separately verified the identity of both sides, key is generated, therefore whole A process has enough safeties, and the both sides' identity for generating key can be traced in the later stage.
The above is only the better embodiment of the present invention, therefore all constructions according to described in present patent application range, The equivalent change or modification that feature and principle are done, is included within the scope of present patent application.

Claims (5)

1. a kind of key generates client, which is characterized in that including connection request module, responder module, key request module and Cipher key calculation module, wherein:
The connection request module, which is used to generate client to another key, sends connection request;
The responder module is due to after receiving connection request, sending response message;
The key request module is used for server requests key;
The message computation key that the cipher key calculation module is used to be returned according to server.
2. key according to claim 1 generates client, which is characterized in that further include communication module, be used for and service Device and other clients are communicated.
3. the key according to claim 1-2 any one generates client, which is characterized in that wrapped in the connection request Include random connection code and request code.
4. the key according to claim 1-3 any one generates client, which is characterized in that the response message is used for Inform that other side has received connection request.
5. key generates client according to any one of claims 1-4, which is characterized in that the key generates client It is registered in advance in server at end.
CN201810241948.4A 2018-03-22 2018-03-22 Key generation client Active CN108449346B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810241948.4A CN108449346B (en) 2018-03-22 2018-03-22 Key generation client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810241948.4A CN108449346B (en) 2018-03-22 2018-03-22 Key generation client

Publications (2)

Publication Number Publication Date
CN108449346A true CN108449346A (en) 2018-08-24
CN108449346B CN108449346B (en) 2021-07-27

Family

ID=63196295

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810241948.4A Active CN108449346B (en) 2018-03-22 2018-03-22 Key generation client

Country Status (1)

Country Link
CN (1) CN108449346B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090138714A1 (en) * 2007-11-26 2009-05-28 Kabushiki Kaisha Toshiba Communication apparatus, key server, management server, communication server, content distribution system, communication method, and recording medium
CN101715638A (en) * 2007-03-20 2010-05-26 迪姆威奇软件有限责任公司 Secure electronic messaging system requiring key retrieval for deriving decryption key
CN103166958A (en) * 2013-02-26 2013-06-19 深圳创维数字技术股份有限公司 Protection method and protection system of file
CN103763356A (en) * 2014-01-08 2014-04-30 深圳大学 Establishment method, device and system for connection of secure sockets layers
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system
CN104081711A (en) * 2011-12-16 2014-10-01 阿卡麦科技公司 Terminating SSL connections without locally-accessible private keys
US20160254910A1 (en) * 2016-05-07 2016-09-01 Keir Finlow-Bates Revocation of cryptographic keys in the absence of a trusted central authority
WO2016155826A1 (en) * 2015-04-01 2016-10-06 Telefonaktiebolaget Lm Ericsson (Publ) System, apparatus and method for load balancing
CN106535184A (en) * 2016-10-18 2017-03-22 深圳市金立通信设备有限公司 Key management method and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101715638A (en) * 2007-03-20 2010-05-26 迪姆威奇软件有限责任公司 Secure electronic messaging system requiring key retrieval for deriving decryption key
US20090138714A1 (en) * 2007-11-26 2009-05-28 Kabushiki Kaisha Toshiba Communication apparatus, key server, management server, communication server, content distribution system, communication method, and recording medium
CN104081711A (en) * 2011-12-16 2014-10-01 阿卡麦科技公司 Terminating SSL connections without locally-accessible private keys
CN103974241A (en) * 2013-02-05 2014-08-06 东南大学常州研究院 Voice end-to-end encryption method aiming at mobile terminal with Android system
CN103166958A (en) * 2013-02-26 2013-06-19 深圳创维数字技术股份有限公司 Protection method and protection system of file
CN103763356A (en) * 2014-01-08 2014-04-30 深圳大学 Establishment method, device and system for connection of secure sockets layers
WO2016155826A1 (en) * 2015-04-01 2016-10-06 Telefonaktiebolaget Lm Ericsson (Publ) System, apparatus and method for load balancing
US20160254910A1 (en) * 2016-05-07 2016-09-01 Keir Finlow-Bates Revocation of cryptographic keys in the absence of a trusted central authority
CN106535184A (en) * 2016-10-18 2017-03-22 深圳市金立通信设备有限公司 Key management method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
VIRENDRA KUMAR,JONATHAN PETIT,WILLIAM WHYTE: "Binary hash tree based certificate access management for connected vehicles", 《PROCEEDINGS OF THE 10TH ACM CONFERENCE ON SECURITY AND PRIVACY IN WIRELESS AND MOBILE NETWORK》 *
贾宁: "密钥哈希消息认证码椭圆曲线数字签名", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Also Published As

Publication number Publication date
CN108449346B (en) 2021-07-27

Similar Documents

Publication Publication Date Title
CN111682938B (en) Three-party authenticatable key agreement method facing centralized mobile positioning system
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
CN110234111B (en) Two-factor authentication key agreement protocol suitable for multi-gateway wireless sensor network
CN113612605B (en) Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology
CN102868531B (en) Networked transaction certification system and method
CN101442411A (en) Identification authentication method between peer-to-peer user nodes in P2P network
TW431108B (en) Method for establishing a key using over-the-air communication and password protocol and password protocol
CN108848074B (en) Information service entity cross-domain authentication method based on domain agent trust value
CN110048849A (en) A kind of session cipher negotiating method of multilayer protection
CN104753937A (en) SIP (System In Package)-based security certificate registering method
CN110278088A (en) A kind of SM2 collaboration endorsement method
CN105577612A (en) Identity authentication method, third party server, merchant server, and user terminal
CN104767624A (en) Remote protocol authentication method based on biological features
CN111817846A (en) Lightweight key negotiation communication protocol
CN106789057A (en) Cryptographic key negotiation method and system under satellite communication protocols
CN115514474A (en) Industrial equipment trusted access method based on cloud-edge-end cooperation
CN106921491B (en) Safe and efficient outsourcing calculation implementation method and system
CN112788011A (en) Gateway bidirectional authentication system and method based on state cryptographic algorithm
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN112653554A (en) Signature method, system, equipment and readable storage medium
CN103986716A (en) Establishing method for SSL connection and communication method and device based on SSL connection
CN109102294B (en) Information transmission method and device
CN114584975B (en) SDN-based anti-quantum satellite network access authentication method
CN115955320A (en) Video conference identity authentication method
CN110519219A (en) A kind of password authentication key exchange method and system based on lattice

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant